[AusNOG] network security Question
Damien Gardner Jnr
rendrag at rendrag.net
Tue May 20 21:13:37 EST 2014
Pen-test scenario? It used to be the shits-and-giggles pastime at the Canberra 2600 meets, seeing how many networks could be dropped off in the same 1-hour block because they auto-blackholed uneeda.telstra.net, their upstream gateway, their providers BGP IP, etc etc :-p
Automatic blackholing based anything but full connection TCP is a pretty dumb idea mmmkay :)
—DG
On 20 May 2014, at 8:54 pm, Shain Singh <shain.singh at gmail.com> wrote:
> Blocking arbitrary blocks is fraught with danger...
>
>>
>> With regards to arbitrarily blocking whole country netblocks; sure, some
>> people do it. Having your IDS/IPS temporarily block trouble addresses is
>> probably a better solution if you want to go down that path, though.
>>
>
> Common pen-test scenario for if you have an IDS/IPS setup to
> temporarily block based on attack signatures is to make your attacks
> look like they originate from root DNS servers.
>
>
> --
> Shaineel Singh
> e: shain.singh at gmail.com
> p: +61 422 921 951
> w: http://buffet.shainsingh.com
>
> --
> "Too many have dispensed with generosity to practice charity" - Albert Camus
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list